The Breach Whisperer

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described "Breach Whisperer," our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

3rd Party Ships Software With Ransomware

How did I miss this one? I know I can’t keep up with everything. I was reading the attached article about how manufacturers are sloppy when it comes to cyber security risk, and this part of the article jumped out at me.

The Taiwan Semiconductor Manufacturing Company (TSMC) had a third-party vendor ship them some software. The vendor didn't check the software for viruses, and then an engineer at TSMC didn’t scan the software prior to installing it and connecting to TSMC’s systems. Guess what happened? The software was infected with the WannaCry ransomware. Huh? Can you repeat that? TSMC was down for a couple of days, and it didn’t appear to hurt the bottom line. However, how simple is it to scan before you sell or install software?

Supply chain cyber risk is something every company should be reviewing along with all other cyber risk, because if an attacker can’t get to you, it may be easier to get to the vendors that support you. If you take the time to evaluate your internal risk, extend that same program to external risk. Also, please scan all software prior to installation!